The Adams ResidenceTravelouge for a Shiny Distracted Techie2016-02-16T19:33:17Zhttp://theadamsresidence.net/feed/atom/WordPressMikehttp://theadamsresidence.nethttp://theadamsresidence.net/?p=4212016-02-16T19:33:17Z2016-02-16T19:33:17ZContinue reading »]]>If you ever have mornings where the coffee isn’t strong enough and your memory is still covered in more fog then the Golden Gate Bridge you should probably not work on important things.

If you do and you find you put in the wrong password for admin multiple times, you may find that you lock out the admin user.

But don’t worry, this is why we have replicants!

Quickly ssh over to one of the replicants, gain admin access (make sure you know the right password this time!) and then unlock the admin account using the following command:

# ipa user-unlock admin

Best of Luck!

]]>0Mikehttp://theadamsresidence.nethttp://theadamsresidence.net/?p=3942013-08-02T17:40:12Z2013-08-02T17:40:12ZContinue reading »]]>In fact it has been over a year since my last post.

You wouldn’t guess that by looking at my draft section for the website.

Things have been pretty busy in my life
and I hope that soon they will kinda settle down.

In the mean time I plan on doing some
more posts and hope you will stick
around to read them.

- Me

]]>0Mikehttp://theadamsresidence.nethttp://theadamsresidence.net/?p=3132012-04-14T23:38:51Z2012-04-14T23:35:32ZContinue reading »]]>Not to long ago I submitted a topic for the 2012 Utah Open Source Conference. The other day I found out that not only has my paper been selected; it was popular enough to be scheduled twice!
So if you plan on going to the Utah Open Source Conference, May 3rd through the 5th at UVU this year stop by, you get two chances. :-)

]]>0Mikehttp://theadamsresidence.nethttp://theadamsresidence.net/?p=2722012-04-01T19:54:43Z2012-04-01T19:54:43ZContinue reading »]]>Recently I managed to take a couple hours and finish the epic struggle of setting up an XMPP server.
For the most part I look back and I wonder what it is that took me so long to get this little project taken care of. It was a relatively easy installation and something that I am still exploring the syntax and options of.

Something that I thought I would share though is what I did with the SSL certs to get it to work. One of the things that you might not expect is that ejabberd uses a single SSL cert file.

Why does that matter?

When a client and server perform the SSL samba of love, part of the process is the exchange of the server certs and the intermediate CA certs. This is the process that allows a client to look at the server cert, the CA cert that the client should already have, and make the intermediate steps, using the intermediate CA cert, to validate the CA signed the server cert.

If you choose to use a self signed cert this process obviously may not be the same.

The quirk here is that I first had to define the SSL Cert file location in the ejabberd.cfg file:

{5222, ejabberd_c2s, [

%%
%% If TLS is compiled in and you installed a SSL
%% certificate, specify the full path to the
%% file and uncomment this line:
%%
{certfile, "/etc/ejabberd/mydomain.pem"}, starttls_required,

{access, c2s},
{shaper, c2s_shaper},
{max_stanza_size, 65536}
]}

There isn’t any other place to define additional certs, including the intermediate certs or the key file. In order to be able to do this you have to combine the files: the OpenSSL private key, the signed PEM from the CA, and the intermediate CA cert from the CA (I like StartCom!)

Once that is done you simply need to restart the ejabberd service and you should not see any errors.

I tried to verify the connection using the following openssl command on Fedora 13:

openssl s_client -connect server.mydomain.org:5222 -starttls xmpp

For some reason it doesn’t seem to be able to actually do it (Even with the use of -starttls xmpp) so I went with a secondary plan. I launched wireshark and watched the connection to see if it was leaking things like the private key.

It doesn’t appear too.

Still I wish it wouldn’t require the use of the private key in the same file as the server and intermediate CA certs. It makes me wonder how it handles those things in the background.

]]>7Mikehttp://theadamsresidence.nethttps://theadamsresidence.net/?p=2802012-03-20T06:59:21Z2012-03-17T18:32:39ZContinue reading »]]>Today is St. Patrick’s day and I am leaving Chicago without seeing the river or parade. Sad, I know.

I did stumble upon some green I didn’t expect: a “green” drinking fountain at O’Hare International Airport.

Personally I think the filtration alone makes it fantastic! It is the touchless water bottle filler that makes things so green.

Two green drinking fountains that provide filtered water and bottle filling.

One thing about filling water bottles at the airport is the surprising difficulty of the task. Now that I have a clever little collapsible bottle it is even harder. Having a proper way to fill up makes things more hygienic and easier.

Action shot of a collapseable water bottle being filled from filtered water bottle filling station

Along with ease and hygiene is preservation of precious resources. Ideally people would recycle their plastic bottles together rather then toss them; unfortunately that doesn’t always happen. To help show what a difference such a system can make it would be nice to see some sort of numbers..

Numbers from the kid fountain/filling station.

Numbers from the adult fountain/filling station.

The numbers appear to be based solely on the number of “fills” performed. I don’t believe it considers the occasional mishap when people move in and out of the sensors range while filling. Still the idea that we are preventing so much plastic from being purchased and tossed is a good thing.

Overhead shot of the fountain / filling station at ORD

Overall the system is pretty straightforward and easy to use. In fact I had to sneak in and out of people to get the photos. Everyone seemed to be more then happy to fill a bottle, even if that was refilling a plastic Fiji water bottle. :-)

Time to get to the plane and enjoy the water during take off. Safe travels all.

- Mike

]]>2Mikehttp://theadamsresidence.nethttp://theadamsresidence.net/?p=2532012-04-25T00:43:32Z2012-02-24T00:35:13ZContinue reading »]]>Recently theadamsresidence.net underwent maintenance for some pending updates. As part of the process IPv6 was enabled for the host in an IPv6 capable environment. As a result it is now possible to access the site using IPv6.

A few useful things:

Enabling IPv6 on the OS Level

Enabling IPv6 was easy to do with CentOS 5.

The following files were edited:

/etc/sysconfig/network:
* Added:

NETWORKING_IPV6=yes

/etc/sysconfig/ifcfg-eth0:
* Added:

IPV6INIT=yes
IPV6_AUTOCONF=yes

Ensuring Services Listen to IPv6

Since most services automatically bind to IPv6 ports as well as IPv4, or in some cases like Apache httpd bind only to IPv6, by default almost all services came back when restarted.

There were only three services that actually needed modification to also bind to IPv6: Dovecot, Sendmail and BIND.

Securing the System with Netfilter

To secure the system I used my IPv4 iptables settings. There were a couple interesting items there:

There is no NAT filter table.

In fact this causes an error when using the ip6tables service as it tries to unload the nat ip6table module, which doesn’t exist.

I had to provide an exception for the ICMPv6 protocol.

The autoconf works beautifully and uses ICMPv6 messages for the router solicitation.

Other then that everything seems to be working like a charm. I haven’t had a chance to test it yet, but I think I might have to get another SSL cert.

Beyond that, enjoy the new IPv6 site!

- Mike

]]>0Mikehttp://theadamsresidence.nethttp://theadamsresidence.net/?p=2452012-02-29T06:46:21Z2012-02-13T06:38:15ZContinue reading »]]>Today is another day on the road and hopefully more then a dollar. This week I am stationed in a place that I expect to be fairly warm and sunny: Texas.

So you can imagine my surprise, after a pleasant, if chilly, day yesterday I see pouring rain this morning. D’oh! And my umbrella died in a gusty rainstorm two weeks ago in Baltimore and I haven’t replaced it yet. Double D’oh!

No worries, I have my complimentary USA Today with me!

Over the years I have developed a routine at hotels that quietly slip a USA Today under my room door whilst I sleep. When I go to leave the room, I bend over and pick up the paper just before leaving the room.

I know, that doesn’t seem that special. Considering that most places will give you a 75¢ credit not to take it at the room, well it seems almost silly. You can still pick up the paper in the Lobby for free too. Truthfully it doesn’t matter too much if I grab one at the room door or in the hotel lobby.

Right about know there may be some question as to why this matters. Perhaps it is the feel of the paper? The well crafted articles and graphics? Maybe the ability to swat the nose of ravaging zombie dogs?

No, no and perhaps to the zombie dogs…

The reason I grab the USA Today is two fold (pun intended):

It provides a nifty temporary “folder” to protect important documents.

It acts as a small shield for the rain/snow/hail/frogs/whatever.

This morning the paper performed double duty. Oh sure I could have tucked the paper (Yes, singular) into a folder in my backpack, slapped on the Boston Redsox hat and dashed for the rental. That would have taken more time then was necessary and my lovely hair cut would have been damaged! (Just kidding, it isn’t a lovely haircut, but it still would have resulted in “hat hair”.)

Placing the paper(s) inside the center of the USA Today allows the papers to be protected from moisture and from folding. As the paper(s) is/are tucked cosily in amongst its kind, it is less likely to be accidentally creased or folded. Bent a little? Sure! It pops right back to natural form though. This is probably the number one reason that I like the USA Today paper.

The other reason is the obvious rain shield that it is so good at.

OH! And the articles. I don’t mind the articles for reading on the plane and throw away before landing.

I hope that helps someone out.

- Mike

PS

Okay, I confess, I like it for the graphics! USA Today has some of the best graphs (as in pie charts and bar graphs) in the business and usually one is very humorous.

]]>0Mikehttp://theadamsresidence.nethttps://theadamsresidence.net/?p=2372012-04-27T05:52:07Z2012-02-03T02:15:37ZContinue reading »]]>What does this look like to you?

If you say honey, well your partially right. Say about 7 percent right, according to the lower right hand corner of the packet the golden sauce poised in the photo above contains “7% REAL HONEY”. This little gem of information is posted just below a cartoon image of a happy and delightful southern gentlemen with a string tie wearing glasses and an apron.

Yeah, you know the one I mean…

I have lived a good portion of my life near the First Kentucky Fried Chicken (Note: This is the first franchise location) and have gone to it time and time again over the years. I actually have some fond memories of that rather shabby and small restaurant. I am less a fan by the remodel they did a few years ago turning it into the same chain as everywhere else.

But lets ignore that for a moment and focus on the “Honey Sauce” that I go the other day. At least the name is accurate. This is a honey influenced sauce. Although I think the label should have been “High Fructose Corn Syrup Sauce”, since that is the man ingredient.

I can see two reasons why KFC (Or is that KGC now?) has elected to distribute “Honey Sauce” to its franchise locations:

1) It is cheaper.

Livestrong.com quotes Beverage watch for an average price 20 cents a pound for HFCS (High Fructose Corn Syrup) in 2010. The National Honey Board provides an average bulk cost of $1.50 a pound for imported honey in 2010. Wholesale honey costs averaged around $3.50 that year.

2) It is more consistent in its, well, consistency.

The sad truth is that you will probably never even think about it, but when I was younger the real honey packets.. Well… I told myself I wouldn’t cry… *sniffle* *sniffle* It was so good! I never even thought that they would change it.

Believe me when I say that this is an abomination compared to the way I remember the honey packets. They were so good!

I guess the only solution then is try and find some honey packets for those biscuits on the way home. You could try Starbucks. It seems that tea drinkers are much pickier about honey then biscuit eaters.